Hi David,
I'm not sure about that, but I haven't figured out why the credentials have to be in cleartext, but that was the only possibility I got syncrepl working since I tried it with SSHA or MD5 prefixes.
Did you try that in cleartext?
Just my two bucks and a half
benjamin

Hi all,
I have a problem getting openldap to run the monitor backend AND the syncrepl
overlay.
I'm running freebsd-7.2-release-p6 in combination with
openldap-server-2.4.19 with SASL support compiled in.
I use the following slapd config:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/ldapns.schema
include /usr/local/etc/openldap/schema/radius.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
logfile /var/log/slapd.log
password-hash {SSHA}
modulepath /usr/local/libexec/openldap
moduleload back_bdb
moduleload back_monitor

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
    by ssf=128 dn="cn=admin,dc=example,dc=de" write
    by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
    by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
    by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
    by anonymous auth
    by * none
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

database bdb
suffix "dc=example,dc=de"
rootdn "dc=example,dc=de"
directory /var/db/openldap-data
index objectClass,entryCSN,entryUUID eq
index uid pres,eq,sub
index memberUID eq
index uidNumber,gidNumber eq
index host eq

database monitor
rootdn "cn=monitoring,cn=Monitor"
rootpw monitoring
access to dn.subtree="cn=Monitor"
    by dn="cn=nssadmin,dc=example,dc=de"
    by * none
syncrepl rid=041
    provider=ldap://ldap-master.example.de
    type=refreshOnly
    interval=00:00:35:00
    searchbase="dc=example,dc=de"
    schemachecking=off
    bindmethod=simple
    starttls=yes
    binddn="cn=syncuser,dc=example,dc=de"
    credentials="strongsecretpassword"

TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
loglevel 256

Now, when I run slaptest I receive the following error:
/usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
support operations required for syncrepl
slaptest: bad configuration file!
Line 59 corresponds to the credentials option in the syncrepl statement.
I can't figure out what's wrong, so if anyone can point me in the right
direction that would be really helpful.
thanks in advance,
david
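
Added example, not part of either message and not OpenLDAP code: in slapd.conf a database-specific directive such as syncrepl applies to the most recent "database" line, and a statement continues over following lines that start with whitespace. The checker below folds those continuation lines and reports any syncrepl statement that falls under "database monitor", with the first and last physical line of the statement (the thread's error pointed at the last one). The function names, the NO_SYNCREPL set and the sample text are assumptions made for this example.

```python
import re

# Backends that cannot host a syncrepl consumer. Only "monitor" is taken from
# the slaptest error in the thread; anything added here is an assumption.
NO_SYNCREPL = {"monitor"}

def logical_lines(text):
    """Yield (first_line, last_line, statement) with continuation lines folded.
    A physical line starting with whitespace continues the previous one.
    Simplification: blank and '#' lines are dropped before folding."""
    start = end = 0
    parts = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and parts:
            parts.append(raw.strip())
            end = no
            continue
        if parts:
            yield start, end, " ".join(parts)
        start, end, parts = no, no, [raw.strip()]
    if parts:
        yield start, end, " ".join(parts)

def misplaced_syncrepl(text):
    """Return (rid, backend, first_line, last_line) for every syncrepl
    statement that falls under a database whose backend is in NO_SYNCREPL."""
    findings, backend = [], None  # None: still in the global section
    for first, last, stmt in logical_lines(text):
        words = stmt.split()
        keyword = words[0].lower()
        if keyword == "database" and len(words) > 1:
            backend = words[1].lower()
        elif keyword == "syncrepl" and backend in NO_SYNCREPL:
            rid = re.search(r"\brid=(\d+)", stmt)
            findings.append((rid.group(1) if rid else None, backend, first, last))
    return findings

# Constructed sample, shortened from the layout posted in the thread.
SAMPLE = """\
database bdb

database monitor
syncrepl rid=041
  provider=ldap://ldap-master.example.de
  type=refreshOnly
  bindmethod=simple
  credentials="placeholder"
"""
```

Running misplaced_syncrepl() on a file read from disk returns an empty list once every syncrepl statement sits under a database whose backend is not in NO_SYNCREPL.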